Get domain\username from Microsoft Graph (username, microsoft, graph)

2023-09-06 17:50:34 Author: 丶单纯de丨Ta

We have an application where we store users' login names in the format domain\username. We authenticate via Windows and then get additional info from our database by matching the domain\username we get from the user against our database.

Now they want to move to the cloud. We authenticate users via apps in Azure AD. However, the user identifier we get back is first.last@domain.com.

I have fiddled around with https://graph.microsoft.com/v1.0/users/email and the select command to try and get the 'old' name. However, I have not yet found out how to get it.

The reason they move to the cloud is that they are merging two ADs. So some users will be DomainA and some DomainB, but in the same tenant. So my first thought was to try and convert the mail to the other format. However, the two different ADs have different naming standards. One has DOMAINA\fila (two first letters from the first name and two first letters from the last name) and the other one has DOMAINB\firlas. Also, it feels really ugly to try and solve it that way.

Is it possible to fetch the user's login name formatted as domain\username via Microsoft Graph?

Accepted answer

Using the beta edition of Graph, you can obtain the user's domain and username from the onPremisesDomainName and onPremisesSamAccountName properties:

/beta/users?$select=userPrincipalName,onPremisesDomainName,onPremisesSamAccountName

The domain is stored as an FQDN so you'll need to do some translation. For example, domainName.ad.contoso.com might translate to domainName.

This will give you a workaround so you can match up users with your internal databases. It is, however, only a temporary solution. Long-term, you really want to migrate to using the userPrincipalName. This is the primary user identifier and is guaranteed to be unique within a given tenant.

Azure AD is a little different from the legacy Active Directory. Certain concepts from legacy AD such as Organizational Units (OUs), Group Policy Objects (GPOs), Kerberos authentication, Lightweight Directory Access Protocol (LDAP), domain trusts between multiple domains, and several others simply do not exist in the cloud.
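As an added example (not part of the answer above), the reconciliation step the answer describes, written out: it parses a constructed /beta/users response selected with the three properties from the answer, derives the legacy domain name from the leftmost label of the FQDN as the answer suggests, and returns None for cloud-only accounts whose on-premises attributes are null rather than fabricating a match. The sample values, and the assumption that the leftmost DNS label equals the legacy domain name, are mine.

```python
import json
from typing import Optional

# Constructed sample of what
# GET /beta/users?$select=userPrincipalName,onPremisesDomainName,onPremisesSamAccountName
# could return for a tenant that merged two on-prem forests. All values are made up.
SAMPLE_GRAPH_RESPONSE = json.dumps({
    "value": [
        {"userPrincipalName": "first.last@contoso.com",
         "onPremisesDomainName": "domaina.ad.contoso.com",
         "onPremisesSamAccountName": "fila"},
        {"userPrincipalName": "other.user@contoso.com",
         "onPremisesDomainName": "domainb.ad.contoso.com",
         "onPremisesSamAccountName": "firlas"},
        # Cloud-only account: never synced from AD, so the on-prem attributes are null.
        {"userPrincipalName": "cloud.only@contoso.com",
         "onPremisesDomainName": None,
         "onPremisesSamAccountName": None},
    ]
})


def netbios_from_fqdn(fqdn: str) -> str:
    """Assumption (as in the answer): the leftmost DNS label is the legacy domain name.
    A forest's NetBIOS name can differ from its DNS label; confirm against the directory
    before trusting this mapping for authorization decisions."""
    return fqdn.split(".", 1)[0].upper()


def legacy_logon_name(user: dict) -> Optional[str]:
    """Build DOMAIN\\sam from a Graph user object; None when no on-prem identity exists."""
    domain = user.get("onPremisesDomainName")
    sam = user.get("onPremisesSamAccountName")
    if not domain or not sam:
        return None
    return f"{netbios_from_fqdn(domain)}\\{sam}"


def map_upn_to_legacy(graph_json: str) -> dict:
    """Return {userPrincipalName: 'DOMAIN\\sam' or None}, keyed by the UPN the answer
    recommends as the long-term identifier, so the legacy name is only a lookup aid."""
    payload = json.loads(graph_json)
    return {u["userPrincipalName"]: legacy_logon_name(u) for u in payload["value"]}


if __name__ == "__main__":
    for upn, legacy in map_upn_to_legacy(SAMPLE_GRAPH_RESPONSE).items():
        print(f"{upn:30} -> {legacy}")
```

Against a live tenant the JSON would come from the /beta/users query shown in the answer, following @odata.nextLink until every page has been read; accounts that map to None need a manual decision rather than a guessed name.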